diff --git a/app-forensics/samhain/Manifest b/app-forensics/samhain/Manifest
index 851f244c4..764e57e03 100644
--- a/app-forensics/samhain/Manifest
+++ b/app-forensics/samhain/Manifest
@@ -1,3 +1,2 @@
-DIST samhain_signed-4.3.1.tar.gz 2141139 BLAKE2B 958f5864e817e8b6d73b97876e9c5afcc122e382c13ff5f94db2ad6219553de6b1ab5f2d4cd48e31ebe3e32f471b63d67db54fd25683d29531d4ec8207bb03e0 SHA512 5f524db9586d1e8be69c8f7aa199c4b2edb699922cd957d5d02d66c749286c8131a07906ea59dad1871758b8dda9f7a7d8d1c3c09a91de854dfbaccede56833d
-DIST samhain_signed-4.3.2.tar.gz 2142763 BLAKE2B 8236689cbdeae6cc1b9fad4432c8ea718691ced65435eafd5956b7ff9330716a816fcecb22129bbe3aaedc6804655f75e6028cdbd0deb9ffac4adbf45c31f4d2 SHA512 aaa4c9e384715fffaa55d3d5838bf137f199bd7a8da2f2005e165ead03f82c401de74806c4a2687eaa217927d50c5400417805ac37dfd36c4b0ad959c3bf2d1e
 DIST samhain_signed-4.3.3.tar.gz 2142337 BLAKE2B 7746477de00a2ee58e482fb9b021c29af2fdf307af54b717501df517430f39360b0d4bd6be9e810b406617c2ae4d23ef4827f80912dffb36b5f2ca7cc1ca53ce SHA512 b99400086d4d71c7cc9d6740fa913ed0ebf2d3af79690cc30a93708f350e9fb36f7aae62f1a5a1f0d565ecc0102f95e79c3c4ac9460c3f9b40e5c5b0c6b597ab
+DIST samhain_signed-4.4.0.tar.gz 2159532 BLAKE2B 409e434878466d2b7dfbd8d47e8ed186781c0f0ffe69a7e0f011246aff0735602920b33f2ee734235f2584de5045a38f06fc38f56b2147bed20058703fffedcb SHA512 21152a2a01d216f72729237403f5bd5e7c323a78f91ce7d05045655addad1415dad47183b0a7828d8b5dd4283a4436cfa5ba1c0b5aa95256a3da41293a151ff8
diff --git a/app-forensics/samhain/samhain-4.3.1.ebuild b/app-forensics/samhain/samhain-4.3.1.ebuild
deleted file mode 100644
index 23a1c41a1..000000000
--- a/app-forensics/samhain/samhain-4.3.1.ebuild
+++ /dev/null
@@ -1,211 +0,0 @@ -# Copyright 1999-2019 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -DESCRIPTION="Advanced file integrity and intrusion detection tool." -HOMEPAGE="http://la-samhna.de/samhain/" -SRC_URI="http://la-samhna.de/archive/samhain_signed-${PV}.tar.gz" - -KEYWORDS="~amd64 ~x86" -LICENSE="GPL-2" -SLOT="0" -IUSE="crypt debug login-watch mounts-check mysql netclient netserver postgres static suidcheck userfiles xml" - -DEPEND="crypt? ( >=app-crypt/gnupg-1.2 ) - mysql? ( dev-db/mysql ) - postgres? ( dev-db/postgresql ) - >=sys-apps/sed-4 - app-arch/tar - app-arch/gzip" - -# Samhain stealth mode options -# -# If you would like to enable stealth mode, please set and uncomment the -# following options or pass them as enviroment variables when emerging -# the package (like INSTALL_NAME="asd" emerge samhain). -# If you set the variables here, don't forget to redigest the ebuild by -# issuing 'ebuild samhain-.ebuild digest', also remember that with -# your next emerge sync, the changes to the ebuild will be lost! -# -# Read the Samhain manual for additional information. -# -# STEALTH should be set to either 'full' or 'micro' (mandatory) -#STEALTH="" -# -# XOR_VALUE should be a whole number from 128 to 255 (mandatory) -#XOR_VALUE="" -# -# INSTALL_NAME can be set to change the name of the Samhain binaries -# to the name you specify (optional) -#INSTALL_NAME="" - -if [[ "${STEALTH}" == "full" ]] ; then - RDEPEND="media-gfx/imagemagick" -fi - -pkg_setup() { - if use static ; then - if use postgres ; then - ewarn "At the moment it isn't possible to build a static Samhain with" - ewarn "PostgreSQL support on Gentoo, the compilation" - ewarn "fails during the linking process." - echo - ewarn "This will be looked at and fixed in the future, in the meantime," - ewarn "patches to fix this are always welcome and appreciated! 
;)" - ewarn "(Open a bug on bugs.gentoo.org for them or send them to" - ewarn "the maintainer directly, thanks!)" - die "Please turn the 'postgres' USE flags off when building with 'static'" - fi - fi - - if use mysql && use postgres ; then - ewarn "You cannot compile both database backends into Samhain at once," - ewarn "you need to choose between MySQL or PostgreSQL and disable the" - ewarn "one you don't want to use." - die "Please choose between 'mysql' or 'postgres' USE flags" - fi -} - -src_unpack() { - unpack ${A} - tar -xzf "samhain-${PV}.tar.gz" - cd "${S}" -} - -src_prepare() { - sed -i -e 's/INSTALL_PROGRAM = @INSTALL@ -s/INSTALL_PROGRAM = @INSTALL@/' Makefile.in || die "Failed to patch Makefile" -} - -src_configure() { - local myconf - - if use crypt ; then - myconf="${myconf} --with-gpg=/usr/bin/gpg --with-checksum=no" - - if [[ -n "${KEY_FPR}" ]] ; then - einfo "Setting built-in key fingerprint to ${KEY_FPR}" - FPR=`echo ${KEY_FPR} | sed "s/ //g"` - myconf="${myconf} --with-fp=${FPR}" - fi - fi - - if [[ -n "${STEALTH}" ]] ; then - [[ -z "${XOR_VALUE}" ]] && die "Variable XOR_VALUE must be set for stealth mode" - echo - einfo "Enabling stealth mode '${STEALTH}', setting XOR_VALUE to ${XOR_VALUE}" - - if [[ "${STEALTH}" == "full" ]] ; then - myconf="${myconf} --enable-stealth=${XOR_VALUE}" - sed -e "s:STEGIN=@stegin_prg@:STEGIN=:g" -i samhain-install.sh.in - elif [[ "${STEALTH}" == "micro" ]] ; then - myconf="${myconf} --enable-micro-stealth=${XOR_VALUE}" - else - die "STEALTH must be set to either 'full' or 'micro'" - fi - - if [[ -n "${INSTALL_NAME}" ]] ; then - echo - einfo "Setting alternative samhain name to ${INSTALL_NAME}" - echo - myconf="${myconf} --enable-install-name=${INSTALL_NAME}" - fi - fi - - use mysql && myconf="${myconf} --with-database=mysql --enable-xml-log" - use postgres && myconf="${myconf} --with-database=postgresql --enable-xml-log" -# use prelude && myconf="${myconf} --with-prelude --with-libprelude-prefix=/usr" - use xml && 
myconf="${myconf} --enable-xml-log" - use static && myconf="${myconf} --enable-static" - use debug && myconf="${myconf} --enable-debug" - - use netclient && myconf="${myconf} --enable-network=client" - use netserver && myconf="${myconf} --enable-network=server" - - use login-watch && myconf="${myconf} --enable-login-watch" - use mounts-check && myconf="${myconf} --enable-mounts-check" - use suidcheck && myconf="${myconf} --enable-suidcheck" - use userfiles && myconf="${myconf} --enable-userfiles" - - myconf="${myconf} --localstatedir=/var --disable-asm" - - econf ${myconf} -} - -src_install() { - make DESTDIR="${D}" install || die "make install failed" - - rm -Rf "${D}/var/log" - rm -Rf "${D}/var/run" - rm -Rf "${D}/var/state" - - if [[ -n "${STEALTH}" ]] ; then - rm -Rf "${D}/usr/share" - else - dodoc docs/BUGS docs/MANUAL* docs/README* docs/*.txt - dohtml docs/*.html -# docinto scripts -# dodoc scripts/* - insinto /etc - insopts -m0600 - newins samhainrc.linux samhainrc - newinitd init/samhain.startGentoo samhain - keepdir "/var/lib/samhain" - fi - - if use netserver ; then - keepdir "/var/lib/yule" - chown daemon:daemon "${D}/var/lib/yule" - keepdir "/var/log/yule" - chown daemon:daemon "${D}/var/log/yule" - fi -} - -pkg_postinst() { - if [[ -n "${STEALTH}" ]] ; then - elog - elog "Manual pages, documentation, and init script were NOT installed in order to" - elog "obscure Samhain's presence. You should also remove samhain's installation" - elog "traces from /var/cache/edb/world and /var/db/pkg." - fi - - if [[ "${STEALTH}" == "full" ]] ; then - elog - elog "In stealth mode, the configuration file must be steganographically hidden" - elog "in a postscript image file. The sample config has been created this way by" - elog "the installation process. Use the samhain_stealth utility to modify or" - elog "create your own configuration file." 
- fi - - if [[ -z "${KEY_FPR}" ]] ; then - elog - ewarn "GnuPG support has been enabled, but fingerprint verification will be" - ewarn "ignored. To enable fingerprint verification (strongly recommended)," - ewarn "you must re-emerge this package with the KEY_FPR variable set to" - ewarn "your default signing key fingerprint." - ewarn "Please read the Samhain manual for more details." - elog - elog "Enabling GnuPG support in Samhain requires that you sign your configuration" - elog "and database files. Please run the following commands as root:" - elog - elog " gpg -a --clearsign --not-dash-escaped /etc/samhainrc" - elog " mv /etc/samhainrc.asc /etc/samhainrc" - elog " chmod 600 /etc/samhainrc" - elog - elog "Run the same commands on /var/lib/samhain/samhain_file after initialization." - fi - - elog - elog "Be sure to check your settings in /etc/samhainrc. When ready, run:" - elog " samhain -t init" - elog "to initialize Samhain." - - elog - elog "Samhain stealth-mode options are also available. Please view the comments" - elog "in the Samhain ebuild for further configuration instructions." - - elog - ewarn "Please be sure to read the Samhain manual to understand and correctly" - ewarn "configure the Samhain utility." - ewarn "HTML version available for viewing at http://la-samhna.de/samhain/manual/ ." -} diff --git a/app-forensics/samhain/samhain-4.3.2.ebuild b/app-forensics/samhain/samhain-4.4.0.ebuild similarity index 97% rename from app-forensics/samhain/samhain-4.3.2.ebuild rename to app-forensics/samhain/samhain-4.4.0.ebuild index 6ea638b7f..1ae87a43f 100644 --- a/app-forensics/samhain/samhain-4.3.2.ebuild +++ b/app-forensics/samhain/samhain-4.4.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 
@@ -80,7 +80,7 @@ src_unpack() { src_prepare() { sed -i -e 's/INSTALL_PROGRAM = @INSTALL@ -s/INSTALL_PROGRAM = @INSTALL@/' Makefile.in || die "Failed to patch Makefile" #unable to configure these options - sed -i -e '/--docdir/d' -e '/--htmldir/d' configure || die + sed -i -e '/--docdir/d' -e '/--htmldir/d' configure || die "Failed to patch configure" eapply_user } @@ -104,7 +104,7 @@ src_configure() { if [[ "${STEALTH}" == "full" ]] ; then myconf="${myconf} --enable-stealth=${XOR_VALUE}" - sed -e "s:STEGIN=@stegin_prg@:STEGIN=:g" -i samhain-install.sh.in + sed -e "s:STEGIN=@stegin_prg@:STEGIN=:g" -i samhain-install.sh.in || die "Failed to patch install.sh" elif [[ "${STEALTH}" == "micro" ]] ; then myconf="${myconf} --enable-micro-stealth=${XOR_VALUE}" else @@ -143,6 +143,7 @@ src_install() { rm -Rf "${D}/var/log" rm -Rf "${D}/var/run" + rm -Rf "${D}/run" rm -Rf "${D}/var/state" if [[ -n "${STEALTH}" ]] ; then diff --git a/profiles/pentoo/base/package.accept_keywords/app-forensics b/profiles/pentoo/base/package.accept_keywords/app-forensics index 68c5ef7cd..2d35f9e75 100644 --- a/profiles/pentoo/base/package.accept_keywords/app-forensics +++ b/profiles/pentoo/base/package.accept_keywords/app-forensics 
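Review bot: The `|| die` now attached to the `configure` sed in src_prepare only fires on a sed I/O error, because sed exits 0 when its pattern matches nothing, so after a version bump like this one the edit can silently become a no-op. The same applies to the `INSTALL_PROGRAM` sed on the line above and to the `STEGIN` sed in the src_configure hunk. A pre-check before each edit, for example `grep -q 'STEGIN=@stegin_prg@' samhain-install.sh.in || die "STEGIN placeholder not found"`, would make upstream drift fail the build instead of changing what gets installed.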
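Review bot: In the src_configure hunk `XOR_VALUE` is appended to `myconf` as `--enable-stealth=${XOR_VALUE}` (and in the micro-stealth branch) straight from the environment, with no check on its form. The 4.3.1 ebuild removed in this commit documents it as a whole number from 128 to 255, and because `myconf` is a space-joined string, a value containing whitespace would become extra configure arguments if it is expanded unquoted as in that older ebuild. A guard ahead of the branch such as `[[ ${XOR_VALUE} =~ ^(12[89]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ ]] || die "XOR_VALUE must be an integer from 128 to 255"` rejects bad values early. src_configure starts and ends outside this hunk.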
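Review bot: The added `rm -Rf "${D}/run"` in src_install has no comment saying why the directory is dropped, and like the neighbouring `rm` lines it is unchecked even though this commit adds `|| die` to the sed calls. A comment such as `# /run and /var/run are runtime (tmpfs) paths and must not be shipped in the image` together with `rm -rf "${D}/run" || die` would record the intent. If samhain keeps a PID or lock file under /run, it is worth confirming that the init script creates the directory with the intended owner and mode, since the package no longer installs it; the init script is not part of this diff. src_install continues outside the hunk.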
@@ -1,54 +1,37 @@ # Pentoo +app-forensics/dff +app-forensics/eagleeye +=app-forensics/guymager-0.8* +~app-forensics/inception-0.4.1 +app-forensics/libbfio +app-forensics/libewf +~app-forensics/libforensic1394-0.2 +app-forensics/libpff +app-forensics/libvshadow +app-forensics/maltego +=app-forensics/origami-pdf-2.1* +app-forensics/pdf-parser +=app-forensics/rdd-3* +~app-forensics/reglookup-1.0.1 +app-forensics/samhain +~app-forensics/scap-security-guide-0.1.46 +app-forensics/spiderfoot +app-forensics/thehive +app-forensics/volatility +=app-forensics/xmount-0.7* app-forensics/bulk_extractor dev-libs/hashdb -app-forensics/pdf-parser -=app-forensics/rdd-3* -app-forensics/volatility - -=app-forensics/guymager-0.8* - -app-forensics/dff -app-forensics/libbfio -app-forensics/libpff -~app-forensics/reglookup-1.0.1 - -~app-forensics/inception-0.4.1 -~app-forensics/libforensic1394-0.2 - app-forensics/pcileech =dev-libs/LeechCore-1* -~app-misc/hivex-1.3.11 - -app-forensics/libvshadow - -~app-forensics/samhain-4.1.2 - -=app-forensics/xmount-0.7* - -=app-forensics/origami-pdf-2.1* - -app-forensics/libewf - -=app-forensics/samhain-4.2* - =app-forensics/yara-3* =dev-python/yara-python-3* -app-forensics/spiderfoot - -app-forensics/maltego - -app-forensics/thehive - -~app-forensics/scap-security-guide-0.1.46 app-forensics/openscap =app-admin/ansible-lint-4* -app-forensics/eagleeye - # Gentoo =app-forensics/sleuthkit-4.7* ~app-forensics/pasco-20040505_p1
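Review bot: The samhain entry changes from the pinned `=app-forensics/samhain-4.2*` and `~app-forensics/samhain-4.1.2` to an unversioned `app-forensics/samhain`, so every future testing-keyword samhain ebuild is accepted by the profile without another edit here. If pinning is still wanted, `=app-forensics/samhain-4.4*` keeps the previous style. The hunk also drops `~app-misc/hivex-1.3.11` with no replacement, which looks unrelated to the samhain bump; it is worth confirming that nothing in the profile still relies on that keyword.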